2014-01-02 - TWO EXAMPLES: FIESTA EK AND NEUTRINO EK

ASSOCIATED FILES:

 

NOTES:

This is a quick post for PCAPs and malware on two different infections...

 

EXAMPLE 1 - FIESTA EK TRAFFIC

ASSOCIATED DOMAINS:

HTTP REQUESTS:

ARTIFACTS FROM THE PCAP:

MALWARE:

 

EXAMPLE 2 - NEUTRINO EK TRAFFIC

ASSOCIATED DOMAINS:

HTTP REQUESTS:

ARTIFACTS FROM EXPLOIT DOMAIN IN THE PCAP:

MALWARE:

 

FINAL NOTES

Once again, here are the associated files:

ZIP files are password-protected with the standard password.  If you don't know it, look at the "about" page of this website.
